Oracle® On Track Communication Security Guide Release 1 (1.0) Part Number E20958-03
This chapter covers the different security mechanisms for authenticating user access to Oracle On Track.
A user can be a person (such as an application end user) or a software entity (such as a client application). To access any resource belonging to a realm, a user must be defined in a security realm. A security realm comprises mechanisms for protecting the resources. Each security realm consists of a set of configured providers, users, groups, security roles, and security policies.
Oracle On Track provides two main ways to authenticate users that access a security realm:
Using the default Database Realm.
Using the Lightweight Directory Access Protocol (LDAP) Realm.
Which mechanism you use for user authentication and access, or whether you combine both, depends on your deployment requirements. See Database Realm and LDAP Realm for more information.
Note:
To limit the usage of Oracle On Track to a small set of users, add the users explicitly from the Oracle On Track Administration Console and then disable Self Signup on the realm. See the Oracle On Track Administration Console Help for more information.

For a self-contained Oracle On Track deployment, Oracle recommends using the database realm for user authentication. Every Oracle On Track instance has one database realm, which is used to verify and retrieve user names and passwords. Some of the security considerations for a database realm are as follows:
If only users who can authenticate against LDAP should be able to access Oracle On Track, first grant the administrator privilege to an LDAP user and only then disable the database realm, so that an administrator account still exists once the database realm is gone.
If you use the database realm, that is, if users are not authenticated through LDAP, set the password policy parameters so that secure, strong passwords are enforced.
The LDAP realm authenticates users against an LDAP server, which lets you manage all the users of your organization in the LDAP directory. If you already have an LDAP server, Oracle recommends using this mechanism for user authentication.
Some of the security considerations for LDAP Realm user authentication are as follows:
Ensure that communication between Oracle On Track and the LDAP server is protected with SSL, so that bind credentials and directory queries do not cross the network in clear text.
Use the realm-checking REGEXP parameter to restrict which e-mail IDs can be provisioned into a realm. For example, a regular expression that matches only @oracle.com addresses ensures that a non-Oracle e-mail ID cannot be provisioned into the Oracle realm.
Disable "User creation enabled" in the Administration Console if all your user accounts are in an LDAP Realm.
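The value of the realm-checking regular expression matters as much as its presence: an unanchored pattern with an unescaped dot accepts addresses in foreign domains that merely contain the allowed domain. The following Python script is an added illustration and not code from the Oracle On Track product; the guide names a realm-checking REGEXP parameter but does not show its syntax or regex engine, so the patterns, the helper names and the sample e-mail IDs below are assumptions written in Python regex. It puts a careless pattern beside a hardened one and shows, on constructed inputs, which IDs each one lets through.

```python
import re

# Illustrative patterns (assumptions; the guide does not show the REGEXP syntax).
WEAK_PATTERN = r"@oracle.com"            # unanchored, and "." matches any character
STRICT_PATTERN = r"[^@\s]+@oracle\.com"  # one local part, the literal domain, nothing else


def weak_check(email: str) -> bool:
    """Careless realm check: a substring search with an unescaped dot."""
    return re.search(WEAK_PATTERN, email, re.IGNORECASE) is not None


def dollar_anchored_check(email: str) -> bool:
    """Looks anchored, but in Python (and by default in Java) '$' also matches
    just before a trailing newline, so "alice@oracle.com\\n" slips through."""
    return re.search(r"^[^@\s]+@oracle\.com$", email, re.IGNORECASE) is not None


def strict_check(email: str) -> bool:
    """Hardened realm check: the dot is escaped and fullmatch() requires the
    whole ID to match, so no leading or trailing bytes (newline included) pass."""
    return re.fullmatch(STRICT_PATTERN, email, re.IGNORECASE) is not None


def domain_pattern(domains) -> str:
    """Build an escaped, alternation-based pattern from an allow-list of domains,
    for realms that accept more than one domain."""
    alternatives = "|".join(re.escape(d) for d in domains)
    return rf"[^@\s]+@(?:{alternatives})"


def allowed(email: str, domains) -> bool:
    """Allow-list check built from domain_pattern(); the whole ID must match."""
    return re.fullmatch(domain_pattern(domains), email, re.IGNORECASE) is not None


# Constructed sample e-mail IDs, including the ones a sloppy pattern lets through.
SAMPLES = [
    "alice@oracle.com",
    "Bob@ORACLE.COM",
    "mallory@oracle.com.evil.example",  # foreign domain that starts with the allowed one
    "mallory@oraclexcom",               # unescaped "." matches the "x"
    "alice@oracle.com\n",               # trailing newline defeats a "$" anchor
    "eve@example.com",
]

if __name__ == "__main__":
    print(f"{'e-mail ID':36} weak  $-anchored  strict")
    for e in SAMPLES:
        print(f"{e!r:36} {weak_check(e)!s:5} {dollar_anchored_check(e)!s:10} {strict_check(e)!s}")
```

Whatever engine the product uses, apply the same rules when you write the parameter value: escape every dot, anchor both ends, and test the pattern against a suffix-appended domain and an address with trailing whitespace before relying on it to keep foreign IDs out of the realm.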